Zusy.426287 (B) (file analysis)

The Zusy.426287 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Zusy.426287 (B) virus can do?

Unconventionial language used in binary resources: Spanish (Modern)
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Zusy.426287 (B)?


File Info:
name: F7D730CF485E484E4EEE.mlw
path: /opt/CAPEv2/storage/binaries/0b518e3f5e79048bc2782b9f89b09288a6fadb82114f3a23b3e3b119955d7cd6
crc32: 00F97F0A
md5: f7d730cf485e484e4eee2ee6516a6dda
sha1: 3dbc5306c4fae33f3608ee79b37a5956545daa55
sha256: 0b518e3f5e79048bc2782b9f89b09288a6fadb82114f3a23b3e3b119955d7cd6
sha512: a54a6f88942886a9fcedc3ce977c2e3702f913e2b2b1f8836cd541d3f01ff739e8ee307a5034e7e9b78b49f597a7cc7ec1d426325554f403c2c3e155e1ef0361
ssdeep: 384:t7/03gjRr5StgMjVb2xa/qFqqrzWWsS4+Ws:t7ugj95SWMpbViFq4/4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T185A21902ABB40A72C0FA4E3015F30D6B29F2BC240574D9297EAC96CF6F74B505E25763
sha3_384: b8ad7333511debed481950769d7848334e9e1de213f10c201f3aa2f69e0a1515d5ea597bffe7a99195e29b6f10529e78
ep_bytes: 60be00a040008dbe0070ffff5783cdff
timestamp: 2004-05-06 23:02:15

Version Info:
Comments: Microsoft
CompanyName: Microsoft
FileDescription: Microsoft
FileVersion: 1, 0, 0, 1
InternalName: Microsoft
LegalCopyright: Copyright © 2004
LegalTrademarks: Debido a que es un Gusano, no creo oportuno rellenar este cuadro. jejeje
OriginalFilename: Microsoft
PrivateBuild: Microsoft
ProductName: Microsoft
ProductVersion: 1, 0, 0, 1
SpecialBuild: Microsoft
Translation: 0x0c0a 0x04b0

Zusy.426287 (B) also known as:

MicroWorld-eScan	Gen:Variant.Zusy.426287
FireEye	Generic.mg.f7d730cf485e484e
McAfee	Artemis!F7D730CF485E
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
Cybereason	malicious.f485e4
BitDefenderTheta	Gen:NN.ZexaF.34742.bm0@a0Xq@XU
Cyren	W32/SillyP2P.B.gen!Eldorado
Elastic	malicious (high confidence)
BitDefender	Gen:Variant.Zusy.426287
SUPERAntiSpyware	Trojan.Agent/Gen-MSFake[All]
Avast	Win32:Malware-gen
Ad-Aware	Gen:Variant.Zusy.426287
Sophos	Generic ML PUA (PUA)
Comodo	Packed.Win32.MUPX.Gen@24tbus
McAfee-GW-Edition	BehavesLike.Win32.Generic.mz
Trapmine	malicious.moderate.ml.score
Emsisoft	Gen:Variant.Zusy.426287 (B)
Ikarus	Rootkit.Win32.Agent
Avira	TR/Crypt.ULPM.Gen
MAX	malware (ai score=80)
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Variant.Zusy.426287
Cynet	Malicious (score: 100)
AhnLab-V3	Worm/Win32.Agent.R287264
ALYac	Gen:Variant.Zusy.426287
Malwarebytes	Generic.Worm.Agent.DDS
APEX	Malicious
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/SillyP2P.B!tr
AVG	Win32:Malware-gen
CrowdStrike	win/malicious_confidence_70% (W)

How to remove Zusy.426287 (B)?

Zusy.426287 (B) removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X